Categories of Control

You can increase operational security and protect an organization's assets in many ways. To a large degree, operational security is about control. There are six broad categories of controls:

  • Preventive controls Mechanisms and tools designed to prevent actions that increase risk or violate security policies. Physical barriers such as fences and locks are examples of a preventive control.
  • Detective controls Processes, tools, or methods used to identify and react to security violations. Administrative actions such as auditing are examples of a detective control.
  • Corrective controls Applications, programs, or practices used to react to an adverse event and to reduce or eliminate risks associated with the event. A technical solution such an IDS or IPS system that can respond to an adverse event is an example of a corrective control.
  • Recovery controls Practices, processes, or mechanisms to restore the operating state to normal after an attack or system failure. Technical solutions such as RAID and tape backup are examples of recovery controls.
  • Deterrent controls Systems, tools, and procedures used to discourage violations. An administrative policy stating that those who place unauthorized modems or wireless devices on the network could be fired is an example of a deterrent control.
  • Directive controls Procedures and documents used to preclude or mandate actions to reduce risk. An administrative policy stating that all employee candidates must have their educational and employment history background verified is an example of a directive control.

If you are wondering how to keep up with all these controls, it might help to consider that all the individual items discussed can be categorized as either an administrative, technical, or physical control.

Controls are separated into three main types: administrative, technical, and physical. Expect test questions to quiz your knowledge of this and the various categories discussed.

The CISSP Cram Sheet

A Note from Series Editor Ed Tittel

About the Author


We Want to Hear from You!



The CISSP Certification Exam

Physical Security

Security-Management Practices

Access-Control Systems and Methodology

System Architecture and Models

Telecommunications and Network Security

Applications and Systems-Development Security

Operations Security

Business Continuity Planning

Law, Investigations, and Ethics


Practice Exam 1

Answers to Practice Exam 1

Practice Exam 2

Answers to Practice Exam 2

CISSP Exam Cram 2
CISSP Exam Cram 2
ISBN: 078973446X
EAN: 2147483647
Year: 2003
Pages: 204
Authors: Michael Gregg © 2008-2020.
If you may any questions please contact us: